0

Is there a way of protecting the wasm files from tampering?

I am trying to protect a piece of proprietary C++ code from being cracked. I would love to do a checksum of the wasm binary at runtime from within the wasm file but it seems like thats not possible because I can not access the buffer of the executable?

I can do it from JS but that is very easy to modify by a 3rd party actor.

Thanks

david
  • 3,553
  • 4
  • 28
  • 39
  • 1
    I have no experience with web assembly unfortunately, but I would think that even if the binary was capable to checking itself, anyone cracking the code could modify the checking code to always validate. – Carcigenicate Aug 05 '21 at 14:33
  • Agree with above comment. @david you say "I can do it from JS but that is very easy to modify by a 3rd party actor." but Wasm can be equally (if not more) easily modified by a 3rd party actor. If you don't trust the HTTPS connection between yourself and the server, you already have much bigger problems. – RReverser Aug 06 '21 at 02:03
  • I think he do thrust the connection but not the end user and here the problems arise when the use want to form malicious contents then he can do it by looking at the wasm an engineer working but request himself. – Lee Aug 06 '21 at 07:53
  • Yes I trust the connection. But an end user could save the wasm and modify it. I disagree that its more easy to modify the wasm but yes. It's not really hard to do. Thats why I am searching for a solution. – david Aug 13 '21 at 13:11

1 Answers1

0

Software and gaming industries search for such solution for decades. But software and games are still pirated.

You can of course force the program to check own hash with hash, stored in web, but this also can be mitigated (easy or not that's another story). This method is used by software companies which sell subscriptions for software.

Romeo Ninov
  • 6,538
  • 1
  • 22
  • 31